facebook

Secure Connection to Web Service

  1. MobiOne Archive
  2.  > 
  3. Getting Help – General
Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
    Posts
  • #345734 Reply

    Code_A
    Member

    I am working on an app that will allow my customers to access data through a web service after their login credentials have been verified. I would like to make sure the information is secure as it passed back and forth. I have an SSL in place on my web server to establish secure connections (https) for my web pages.

    Do I need any additional SSL or security layer within my app, or does making my ajax requests to my https addresses provide that same level of security to my mobile users?

    Thanks for the reply. I want to make sure my app is secure.

    #345759 Reply

    support-michael
    Keymaster

    I have referred this question to the dev team for additional review. My understanding is yes you can use an ajax call to an https resource/web service. A google search identified issues where the web server uses a self-signed certificate.

    #345858 Reply

    Code_A
    Member

    Any update on this? Security is not my strong suit so I would like to know what I need to do on my end to protect my customer’s data.

    Thanks!

    #345860 Reply

    Hi Code A,

    The dev team agreed with Michael’s answer.

    #345878 Reply

    Code_A
    Member

    @support-michael wrote:

    A google search identified issues where the web server uses a self-signed certificate.

    Can you please explain further? I am not sure I understand this comment.

    Thanks!

    #345894 Reply

    support-michael
    Keymaster

    I know just enough to be dangerous – so don’t quote me on anything I say here on…

    For ssl connections the encryption algorithm uses public/private keys to sign (encode) and decode messages passed back and forth between the server and a client. Some sites will create their own certificate (see self signed cert) rather than purchase one that is signed a certificate authority such as godaddy. My understanding is if your server uses a self signed cert that you may experience issues with secure ajax connections to hosted web services. I found references to google and our dev team also indicated you might have issues. I would try a small prototype and see if you can connect. If not, google up solutions such as the zillion threads on stackoverflow.
    Good luck man!

Viewing 6 posts - 1 through 6 (of 6 total)
Reply To: Secure Connection to Web Service

You must be logged in to post in the forum log in